Open source · npm
The Data Hogo CLI
Run one command and get a full security report printed right in your terminal. It runs entirely on your machine — nothing is uploaded.
AGPL-3.0 · works on macOS, Linux and Windows
That is the whole thing: a colored report, in your terminal, in seconds. No account, no dashboard, nothing leaves your machine.
Three ways to run it
Same scanner, wherever you work.
In your terminal
The default. Point it at a project and read the report — score, findings, and the fix, right where you already are.
# Run once, no install
npx datahogo
# Or install it globally
npm install -g datahogo
datahogo scanIn your CI
The GitHub Action fails the build when it finds issues at the severity you choose, and uploads results to your repo’s Security tab.
# .github/workflows/security.yml
name: Security
on: [push, pull_request]
permissions:
contents: read
security-events: write
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: datahogo/datahogo@main
with:
fail-on: highNot on GitHub? Any CI works — pipe --sarif or --json output wherever you need it.
Inside Claude Code or Cursor
A separate, optional package (@datahogo/mcp) exposes the scanner as tools your AI agent can call. It scans, then writes the explanation and the fix itself.
# Separate optional package — adds the scanner
# as tools your AI agent can call
claude mcp add datahogo -- npx -y @datahogo/mcpOptional. The base CLI never needs it — this is only if you want scanning inside your editor.
Commands and options
datahogo scan [path]Scan a directory (default: current)--jsonMachine-readable JSON output--sarifSARIF 2.1.0 for GitHub Code Scanning--fail-on <severity>Exit non-zero at or above a severity--url <url>Also scan a deployed URL--explainAI explanations (uses your ANTHROPIC_API_KEY)datahogo doctorCheck optional tools (Semgrep, Gitleaks)Free, forever.
The CLI is open source and always will be. Star it, fork it, read every line.